Book Review: Secure Coding: Principles and Practices

Are the numerous security flaws we hear so much about week after week really avoidable? Mark G. Graff and Kenneth R. van Wyk, the authors of Secure Coding: Principles and Practices, believe so. Secure Coding is a fairly quick read that everyone can benefit from, regardless of their role in the development cycle. The book is not oriented towards any specific platform, language, or methodology. It looks at this huge problem the computer industry faces from the development side and leads the reader to a better understanding of the security they can design, build, and implement into an application. Graff and van Wyk show that securing your program is more than just paying close attention to your code. Everyone involved in the development of an application needs a solid understanding of what is really needed. The book provides more than just how-to solutions; it provides a new or more complete vision of the security necessary in today's market.

"To have a realistic chance of building software that cannot easily be subverted, you must not think of your application as being merely the compiled lines of code in front of you. You must, rather, adopt the notion of a holistic application system."

The authors have three goals for the readers: to understand the holistic nature of an application's security, to apply sound security practices, and to learn about available resources. The book opens by giving the reader a psychological, technical, and practical real-world look at security and the lack thereof. Each chapter then focuses on the security concerns inherent in each phase of the development cycle and on ensuring that the application is secure within its environment.

Throughout the book, the authors, both with impressive backgrounds in the computer security field, give insight from years of working with hundreds of systems. Each chapter provides advice, examples, good and bad practices, case studies, and thoughts to consider with your own application. Readers can learn from the successes and failures Graff and van Wyk have encountered over the years. I highly recommend this book to anyone involved in the development process.